How to Create a Privacy Policy for Your Website

Posted on January 6, 2020 by in WordPress | 8 comments


Privacy policies are one of the most underappreciated parts of your website. In fact, a privacy policy is one of the most important elements of your site. From providing legal protections (both domestic and international) to being an SEO ranking factor, making sure that your website’s privacy policy is top-notch, clear, and up-to-date is paramount. We have some tools and resources that can help you with this. We also have some tips and advice as to what to include in your WordPress privacy policy to begin with.


What is a Privacy Policy?


Privacy policies can look intimidating, but you should always read them when possible.

A privacy policy tells users what you’re doing with their data. Anything you gather from them, an email address, first name, location, whatever, has to be disclosed to your website visitor, and then you have to tell them what you plan to do with that information, even if your plans are as benign as sending a birthday discount via email. The General Data Protection Regulation (GDPR) is legislation passed by the European Union that even requires visitors to opt in before any data is collected at all (plus much more), no matter the reason.

If you use Google Analytics, Facebook Like buttons, run ads on your site or any number of other standard practices for 95% of websites out there, a privacy policy is 100% necessary.

Why Have a Privacy Policy?

The purpose of having a solid privacy policy is to make sure that your users know exactly what they’re opting into. Even if they don’t read it (and most won’t), they and you are still bound by it. Not having one opens you up to legal troubles, not the least of which is thousands of dollars in fines. Beginning in 2020, legislation called the California Consumer Privacy Act (CCPA) is even more strict than GDPR in terms of both requirements and penalty, so tightening up your legalese should be at the top of your to-do list if you haven’t tidied it up in a while.

Ideally, you’d enlist the help of a lawyer to help you draft your privacy policy. However, that’s not a practical option for the vast majority of site owners. Knowing this, a lot of online services have sprung up to help fledgling websites craft basic privacy policies to cover their bases. Not all of them are created equal, however. We want to give you an idea of what you should look for in a privacy policy so that any generator or boilerplate you implement actually has you covered.

What Should Your Privacy Policy Include?

These points may or may not be everything you need to consider for a well-rounded privacy policy. Think of them only as the basics that the document should include. (You can also read up on critical clauses if you’re so inclined.)

  • how you collect information
  • what you do with collected information
  • what cookies, pixels, and other trackers your site uses and their purpose
  • any advertising networks and their methods/purpose of data collection and ad delivery
  • how your users can opt-in and opt-out of their data being collected and stored
  • how your users can request their data be turned over to them and/or deleted
  • contact information for site administrators

This is the bread and butter of privacy policies. Ideally, visitors would take a look at your policy and decide if they’re comfortable using your services. More realistically, it covers you legally. In case someone ever comes back with a dispute about how you used their information or data, you have a document indicating that they opted in for that usage.

A big part of these disclosures involves cookies. Cookies are files on your computer that contain personal settings for specific websites. The term itself supposedly comes from ‘magic cookies’, which are a type of token used by UNIX-based Operating Systems (OS). In any case, websites use cookies to track what you do within them. For example, cookies enable you to stay logged in even if you leave the website (although there are limitations). According to the European Union’s Cookie Law and new ePrivacy Regulation, sites need to inform visitors about their use of cookies and provide an option to disable them.

What Do You Do with User Data?

Here’s the real kicker: what you do with the data is just as important to disclose as that you collect it. Why? Data is big business. It’s really the business. Billions of dollars flow through the data industry each year. Many, many, many sites sell or share their user data. Others, more ethically, use the collected data to personalize content and ads and other, similar applications.

Regardless of what the use is, you must disclose it. While some users may consent to share personal data, they might not be happy with how you decide to use it and decide not to opt in, or request that you remove their data from your collection after the fact.

One example of using a user’s data is us. If your Elegant Themes yearly subscription is about to expire, we send you an email reminder. In this case, we’re using your personal information to provide an update. We have the date on which you became a member, your name, and your email address. We use that to personalize our service to you.

In any case, if you’re not comfortable with the way a website uses your information, the GDPR outlines the ‘right to be forgotten’. This means sites are bound by law to delete your information if you ask them to.

How to Create a Privacy Policy

We mentioned before that a lawyer is a good option. After all, this is a legal document that you and your business will be bound to. However, that’s unrealistic for most website owners. That’s why various services have sprung up over the years to generate boilerplate (but customizable) privacy policies for your websites. We’re going to touch on a few of them so that you can know that you’re in the right hands in letting your visitors know that they are, too.

1. Termageddon


Knowing fully how ridiculous their name is and leaning into it, Termageddon is a top-notch service that generates automatically updating privacy policies. Any time new laws are passed that affect privacy data, Termageddon updates your embedded policy to reflect them. So when CCPA went into effect, it was updated from when the GDPR started. Setting it up is as simple as answering questions about your business or website. Then you paste an embed code into the page where it will live. You can override any updates or changes, and you can edit the policy manually, too. If you handle a lot of user data, then this is $10 a month well spent.

Price: $10 per month / $99 per year

2. TermsFeed


TermsFeed enables you to generate basic privacy policies in minutes. You can easily customize them using your site’s information. Each time you want to create a new policy, the service will walk you through a questionnaire to help you determine the clauses you need. When the process is over, you’ll receive your new policy via email. The turnaround is pretty quick. That way, you can paste it into your website and have it live for your visitors immediately. The platform also offers you the option of updating your policies automatically as laws change. Plus, if you want more personalized customization, you can download various templates for terms of service and so on that you can edit and fill out on your own.

Price: Free and paid plans available

3. FireBase


Powered by Google and designed mostly for mobile apps, FireBase is a great privacy generator, especially when you want something fast, easy, and customized for very specific services. It’s easy to implement and set up. It is a more simplistic privacy policy; however, that doesn’t mean it is useless or even bad. The policies generated show what you do with cookies and how you use various services, and we like it because it’s written in plainer language that your users will be able to understand and parse better than some of the more complex legalese that comes in other generators. If you want a quick, easy, and understandable privacy policy generator, this is it.

Price: free

How to Add the WordPress Privacy Policy

Actually adding the privacy policy to your website is incredibly easy. All you need to do is create a new Page and title it something like Privacy or Privacy Policy.


Then it’s a simple matter of pasting in either the WordPress privacy policy text or the embed code. For this example, we pasted the entire privacy policy into a Classic block in Gutenberg. But it could just as easily have been a Custom HTML block or even just normal Text blocks.


Upon hitting Publish, you just need to make it accessible to your users. Adding it to the bottom of your About page is always a good idea, as well as adding it to your primary navigation menu (as well as footer menus).


And make sure that you click Save Menu when you’re finished. Many people forget that WordPress requires confirmation of menu adjustment, and the last thing you want to do is put in a lot of time and effort making sure that you’ve added the best privacy policy to your website that you can…and then make it inaccessible.


When that is done, your policy should be live on your site and visible to users.


Website privacy policies don’t get the spotlight they deserve. However, they’re essential elements of any website that takes data protection regulations seriously. On top of enabling you to keep your operations above board, your WordPress privacy policy outlines how your site handles personal information. That should put visitors’ minds at ease. And cover you legally and ethically, too.

What do you find the most important aspect of a privacy policy?

Article image thumbnail by Zeeker2526 /



  1. Thanks a lot. Those tips help me on my blog. I understand why we have to create a privacy policy.

  2. A lot of websites both large and small are using a passive confirmation regarding cookie use with a popup that says something like: “This website uses cookies to ensure you get the best experience on our website. To learn more, visit our privacy page (or cookie policy)”

    To close the pop up there is usually a button that says “Got It”, “Close”, etc. This passive approach may be easy to implement but does it really meet the intent of the GDPR Cookie Law or even CCPA? From my viewpoint, it does not meet the intent but for a small blogging site maybe it is good enough. Thoughts?

    • Why does having a popup not meet GDPR?

      • TermsFeed is a great option to get started, “the service will walk you through a questionnaire” this helped a lot. Thanks B.J

      • Because if the user does not agree, only technical cookies should be enabled. You should not set cookies before the user takes action on this pop up.

        My take is GDPR has its place but was not invented to make us put notifications all over the website. There is also what is called “common sense or cause?” I mean when a user fills a contact form they want to get contacted. The consent makes little sense. What you do with their data is enough to have it on your policy.

        • Exactly. As I see it, it’s a very technical interpretation of the law that kind of skirts it. I am of the viewpoint that you have to specifically click something that lets you opt-in like “I accept the use of these cookies” before anything else is enabled on your end.

          The last time I traveled to Europe, the websites I visited had generally that kind of popup, where when I have been in the US or Mexico, they use the more passive language which is essentially an opt-out. It gets sticky, and I expect it will only get fully clarified when a major lawsuit happens and we get clarification on how a court interprets it.

  3. This is exactly what I needed, thank you! I like the fact you mentioned European laws too 🙂 Can you make a post about the terms and conditions page too?

  4. Great post. I did think that this subject was a bit of a minefield, but you’ve helped me to understand it better. For me as a perfectionist, the most important part of my privacy policy is being as complete and comprehensive as possible.
